> >Can the entire SAF data structure be cached in virtual, pageable > >storage? In DREF storage? > > Has IBM added support for ES in 64-bit mode? If not, what is DREF in a > supported system?
There is no expanded storage in z/Architecture. However, DREF is still valid and does have some useful attributes. If you asked for ESQA or ELSQA, your virtual storage would be backed by fixed storage immediately. OTOH, the same amount of DREF would not be backed unless/until you actually touched it, so it is potentially a more efficient use of real storage than true fixed storage. After that it's effectively the same as ESQA or ELSQA. Oh, and of course it is key zero only... > >Some code needs to use certain authorized services so frequently > >that a SAF call would add too much overhead. > > How much of that code is called by problem state key 8 users? How much > of that code can't be relegated to a PC routine? The pathlength for checking caller (APF) authorization is trivial, even when taking into account checking that input/output parameters are in the right key. But APF is too coarse-grained and too risky to use with abandon. PC and SVC routines are the right mechanism for wrapping privileged logic, but they often need to apply some installation-defined criteria to whether the caller's intended access is permitted or not. SAF does just a fine job at that and a properly constructed privileged function (e.g. PC) can set up and use FASTAUTH to get acceptable performance in cases with somewhat frequent access. Unfortunately SAF is never cheap. If the access frequency is high enough, the only solution is to design the application in such as way as to avoid the need for frequent auth-checks. There are products that allow fine-grained "row-level" security checks, but their vendors typically recommend against using them. If you really want it and you're prepared to pay the price, go for it. As you say "not my dog". CC ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
